<?php
function task_pv(){
//list of task privileges

/*
admin privilege in the format:

array( task name, task file, task order )
*/

$r_pv=array(
array("Manage Admin", "admin_list.php", 0),
array("Bank In Records", "bankin_list.php?_q=pending", 1),
array("Members", "member_list.php", 2),
array("View Member Password", "", 3),
array("Member Point", "member_point.php", 4),
array("Member Genealogy", "genealogy.php", 5),
array("Member Network", "matrix.php", 6),
array("Member Placement", "placement.php", 7),
array("Activation", "activate.php", 8),
array("Sales", "sales_list.php", 9),
array("Member Commission", "commission.php", 10),
array("Commission Report", "commission_report.php", 11),
array("Messaging", "messaging.php", 12),
array("Withdrawal", "withdraw_list.php?_q=pending", 13),
array("Products", "prod_list.php", 15),
array("Add/Update Products", "", 16),
array("Product Categories", "cat_list.php", 14),
array("Inventory Record", "prod_qty_record.php", 17),
array("Sales By Product", "sales_product.php", 18));
return $r_pv;
}

function get_excluded_table(){
//list of table to exclude from viewing
$r_exd=array();
return $r_exd;
}

function get_db_table(){
global $vars;
//table list
$tr_excluded_table=get_excluded_table();$sql = "SHOW TABLES FROM ".$vars["dbi"]["name"];$result = mysql_query($sql);while ($row = mysql_fetch_row($result)) {	    if(!@in_array($row[0], $tr_excluded_table)){    	    	$r_table_list[]=$row[0];    	    }    }return $r_table_list;}

function get_admin_privilege($in_admin_id){
global $vars;
$db=$vars["db"];

$r_admin=@mysql_fetch_assoc(mysql_query("select * from $db->admin where id='$in_admin_id'"));

//get db privilege
$pv_db=$r_admin["pv_db"];
$r_table=get_db_table();
$pi=0;
for($i=0;$i<count($r_table);$i++){
 $temp=substr($pv_db,$pi,2);
 $view=$add=$delete=$edit=0;
 if($r_admin["master"]=='y'){
  $view=$add=$delete=$edit=1;
 }else{
  while($temp>0){
   if($temp-8>=0){
    $delete=1;
    $temp-=8;
   }elseif($temp-4>=0){
    $edit=1;
    $temp-=4;
   }elseif($temp-2>=0){
    $add=1;
    $temp-=2;
   }elseif($temp-1>=0){
    $view=1;
    $temp-=1;
   }
  }
 }                                           
 $o_pv_table[$r_table[$i]]["view"]=$view;
 $o_pv_table[$r_table[$i]]["add"]=$add;
 $o_pv_table[$r_table[$i]]["edit"]=$edit;
 $o_pv_table[$r_table[$i]]["delete"]=$delete;
 $pi+=2;
}

//get task privilege
$task_pv_all=task_pv();
for($i=0,$t=count($task_pv_all);$i<$t;$i++){
 $task_pv[$i]=$task_pv_all[$i][0];
}
$pv_task=$r_admin["pv_task"];
$tpv_i=0;
for($i=0;$i<count($task_pv);$i++){
 if($r_admin["master"]=='y'){
  $o_pv_task[$task_pv[$i]]=1;
 }else{
  $o_pv_task[$task_pv[$i]]=substr($pv_task,$tpv_i,1);
  $tpv_i++;
 }
}

//get email privilege
foreach($r_admin as $field=>$value){
 if(preg_match('/^re_/', $field)){
  if($r_admin["master"]=='y'){
   $value='y';
  }
  $o_pv_email[preg_replace('/^re_/', '', $field)]=$value;
 }
}

unset($pv);
$pv["db"]=$o_pv_table;
$pv["task"]=$o_pv_task;
$pv["email"]=$o_pv_email;
return $pv;
}
           
function encrypt_admin_login_sess_cookie($in_username, $in_password) {
/*
This function will encrypt the admin login info (username & password) and store in both the user local cookie & server session information

in_username - the admin login username, input as unencrypted
in_password - the admin login password, input as encrypted: md5 encryption of password and salt
*/
global $vars;
//use a random salt for each login
$field_cookie_salt = md5("cookie_salt".SECRET_KEY);
if(isset($_COOKIE[$field_cookie_salt])){
 $cookie_salt = $_COOKIE[$field_cookie_salt];
}else{
 $cookie_salt = generate_random_code(32);
}
$enc_username=md5($in_username.$cookie_salt.SECRET_KEY);
$enc_password=md5($in_password.$cookie_salt.SECRET_KEY);
$field_username = md5("a_u".$cookie_salt.SECRET_KEY);
$field_password = md5("a_p".$cookie_salt.SECRET_KEY);
// set cookie with value and set session with the same value.
setcookie ($field_cookie_salt, $cookie_salt, time()+$vars["admin_login_expire"]);
setcookie ($field_username, $enc_username, time()+$vars["admin_login_expire"]);
setcookie ($field_password, $enc_password, time()+$vars["admin_login_expire"]);
ini_set("session.gc_maxlifetime", $vars["admin_login_expire"]);
$_SESSION["cookie_chk"][$field_cookie_salt] = $cookie_salt;
$_SESSION["cookie_chk"][$field_username] = $enc_username;
$_SESSION["cookie_chk"][$field_password] = $enc_password;
}

function verify_admin_sess_data(){
global $vars;
$db=$vars["db"];

$success = false;
$admin_id=$_SESSION["aid"];
if($admin_id){
 $field_cookie_salt = md5("cookie_salt".SECRET_KEY);
 if(isset($_COOKIE[$field_cookie_salt])){
  $cookie_salt = $_COOKIE[$field_cookie_salt];
  $field_username = md5("a_u".$cookie_salt.SECRET_KEY);
  $field_password = md5("a_p".$cookie_salt.SECRET_KEY);

  $r=mysql_query($sql="select username, enc_password from $db->admin where id='$admin_id'");
  if(@mysql_num_rows($r)){
   $username=mysql_result($r, 0, "username");
   $password=mysql_result($r, 0, "enc_password");
   $enc_username=md5($username.$cookie_salt.SECRET_KEY);
   $enc_password = md5($password.$cookie_salt.SECRET_KEY);
   if(isset($_COOKIE[$field_username]) && isset($_COOKIE[$field_password]) && isset($_SESSION["cookie_chk"][$field_username]) && isset($_SESSION["cookie_chk"][$field_password])){
    if($_COOKIE[$field_username] == $_SESSION["cookie_chk"][$field_username] && $_COOKIE[$field_password] == $_SESSION["cookie_chk"][$field_password]){
     if($_SESSION["cookie_chk"][$field_username] == $enc_username && $_SESSION["cookie_chk"][$field_password] == $enc_password){
      $success = true;
     }
    }
   }
  }
 }
}

if($success){
 encrypt_admin_login_sess_cookie($username, $password);
}
return $success;
}
?>